[Mailman-Users] confusing permission errors, help please

Mark Sapiro msapiro at value.net
Wed Dec 21 00:52:37 CET 2005 

Hugh Esco wrote:
>
>The apache error log for mumble still says:  
>
>	[Tue Dec 20 13:29:44 2005] [error] [client nnn.nnn.nnn.nnn] 
>		(13)Permission denied: access to /mailman/listinfo denied


So apparently, adding

   <Directory /u/m/mumble/mailman/cgi-bin/>
     Options ExecCGI
     SetHandler cgi-script
   </Directory>

didn't fix it. I would have added "Options +ExecCGI", but that probably
won't help either.

The "403 Forbidden error was encountered while trying to use an
ErrorDocument" seems to say there is something wrong with this virtual
host. Are you by any chance using suEXEC with this virtual host? Are
you running SELinux?

If suEXEC, see
<http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq06.017.htp>


>Your answer about using a single user for every instance of mailman didn't indicate if I was actually going overboard by creating instance specific users for each installation.  I have paired up user1 with mumble1, user2 with mumble2, etc., as an added security barrier and to protect users and their archives from one another.  Will it run this way?  Is that necessary?  


Yes, it will run that way. If you don't need the ability to have the
same list name on separate hosts, then this is probably overkill. if
you're asking is having a separate user per Mailman instance overkill
vs. having multiple, distinct instances all with the same user, having
separate users would allow giving the actual virtual host clients more
control over/visibility into their own Mailman without allowing them
to impact others. This may be useful. The alternative protection is to
have restrictive enough permissions so the individual virtual host
users don't have shell access to their Mailman at all.


>If I use a single source directory, yet install in multiple installation directories, each serving its own vhost, can two instances share a listname so I can have dx at mumble1.example.com and another at dx at mumble2.example.com?


Yes, and that is the major reason for doing it this way. If you don't
need this ability, you can probably do just fine with a single mailman
instance with Mailman's virtual host support.

-- 
Mark Sapiro <msapiro at value.net>       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list